Implementing OpenID, OAuth & OAuth/WRAP for Consumer Identity
Chris Messina & David Primmer, Google
Tuesday, 8am to 12pm
As the cloud becomes the common operating environment for consumer applications, every app is going to require some kind of user authentication in order to provide services. To facilitate and simplify account management for consumers, OpenID acts as a convenient and secure alternative to the proliferation of passwords and easily-forgotten account credentials.
Together, OpenID and OAuth provide an industry standard for authenticating users and provisioning user-revocable access to their data, as well as access to user data from remote sources. Learn how these technologies function in tandem to provide a more secure and usable experience for building compelling apps on the open, social web.
Practical Focus: This workshop will teach you the fundamentals of user authentication with OpenID, how to build secure APIs using OAuth and OAuth WRAP (and help you understand the differences between these technologies), and how to combine them into a hybrid API for maximum usability and utility.
Topics include:
- Identity services: Understanding how OpenID and OAuth work
- Separating authentication, authorization, and attribution concerns
- Best practices for implementing delegated authentication systems
- How to use OpenID and OAuth to provide convenient, secure access to your APIs
- Design considerations for implementing OpenID and OAuth
- Moving profile data around with Attribute Exchange, SREG, and Portable Contacts
- Using the OpenID Hybrid to avoid the chasm of death
